Brian wrote:
> With SSLBYPASS, the environment variable is checked the first time a socket
> is created. That means that if the application called SSL_OptionSetDefault
> before creating a socket, the environment variable will override the
> explicit call to SSL_OptionSetDefault. ...
> ... I will file a separate bug
> about more clearly documenting the advantages/disadvantages of using
> SSL_OptionSetDefault as it related to environment variables.
Wan-Teh wrote:
Thank you for the explanation. This is the bug I feared.
SSL_OptionSetDefault should override environment variables. We should
fix this bug for all environment variables with a separate patch.

Also, SSL_OptionGetDefault will return the wrong results until a socket is created.

Assignee: nobody → bsmith

Summary: libssl: SSL_OptionSetDefault do not override environment variables like SSLBYPASS and NSS_* → libssl: SSL_OptionSetDefault and SSL_OptionGetDefault do not account for environment variables like SSLBYPASS and NSS_*

I object. The documented behavior of these environment variables is that they
override all application behavior. IMO, the environment variables should trump all other calls. I've always envisioned them this way. They exist to allow users to change the behaviors of applications, even those that call "...SetDefault".

Nelson, we cannot make the environment variables trump SSL_OptionSet because that would break backward compatibility.
I am happy to let them continue to override SSL_OptionSetDefault. I can just change Gecko to always use SSL_OptionSet and never SSL_OptionSetDefault. (I would like to make this change anyway.) But, SSL_OptionSet must continue to work the same way it does now.

I don't know where the precedence is documented. My expected
precedence is as follows, from high to low:
SSL_OptionSet
SSL_OptionSetDefault
environment variables
initializers for the static variable 'ssl_defaults'
Environment variables change the defaults of the NSS library.
Applications should then be able to change an option to the
desired value.
I believe this is what the current libSSL code intends to do,
but it does that imperfectly; the side effect of an
SSL_OptionSetDefault call before the first ssl_Socket call is
discarded.
To implement the behavior Nelson described in comment 5,
SSL_OptionSetDefault needs to honor the defaults specified
by environment variables, but this is only done for the
SSL_NO_LOCKS option using the SSLFORCELOCKS environment
variable. It is not done for the other three environment
variables Nelson added: SSLBYPASS, NSS_SSL_ENABLE_RENEGOTIATION,
and NSS_SSL_REQUIRE_SAFE_NEGOTIATION.
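The precedence problem discussed above can be made concrete with a small model. The following C program is an added illustration written for this page; it is not libssl code and does not reproduce NSS internals. It models one option (the SSLBYPASS default) resolved through the four layers Wan-Teh lists: an SSL_OptionSet call on the socket, an SSL_OptionSetDefault call, the environment variable, and the static initializer of ssl_defaults. `resolve_lazy` models the reported behaviour, where the environment is consulted at the first socket creation and so silently discards an earlier SSL_OptionSetDefault; `resolve_eager` models the intended precedence, where the environment is consulted once at library initialization so that SSL_OptionSetDefault overrides it. `get_default_lazy` shows why SSL_OptionGetDefault returns the wrong answer before the first socket exists. The function names, the `NOT_SET` sentinel and the `atoi` parsing of the variable's value are assumptions made for the example.

```c
#include <stdlib.h>
#include <stdio.h>

/* Constructed model, not NSS code. A value of NOT_SET means "the
 * application did not call this API for the option". */
enum { NOT_SET = -1 };

typedef struct {
    int value;        /* current library-wide default for the option */
    int env_applied;  /* has the environment variable been consulted yet? */
} option_default;

/* Lowest-precedence layer: the static initializer of ssl_defaults. */
static const int SSL_DEFAULT_BYPASS_INIT = 0;

/* Consult the environment variable exactly once. env_value stands in for
 * the result of getenv("SSLBYPASS"); NULL means the variable is unset.
 * Parsing as an integer is an assumption of this model. */
static void apply_env(option_default *d, const char *env_value) {
    if (d->env_applied)
        return;
    if (env_value != NULL)
        d->value = (atoi(env_value) != 0);
    d->env_applied = 1;
}

/* Reported behaviour: the environment is consulted at first socket
 * creation, i.e. after the application's SSL_OptionSetDefault call. */
int resolve_lazy(const char *env_value, int set_default, int set_on_socket) {
    option_default d = { SSL_DEFAULT_BYPASS_INIT, 0 };
    if (set_default != NOT_SET)
        d.value = set_default;          /* SSL_OptionSetDefault */
    apply_env(&d, env_value);           /* first socket: env overwrites it */
    int sock_value = d.value;           /* new socket copies the defaults */
    if (set_on_socket != NOT_SET)
        sock_value = set_on_socket;     /* SSL_OptionSet still wins */
    return sock_value;
}

/* Intended precedence: the environment is consulted at library init,
 * before any application call, so SSL_OptionSetDefault overrides it. */
int resolve_eager(const char *env_value, int set_default, int set_on_socket) {
    option_default d = { SSL_DEFAULT_BYPASS_INIT, 0 };
    apply_env(&d, env_value);           /* at init */
    if (set_default != NOT_SET)
        d.value = set_default;          /* SSL_OptionSetDefault */
    int sock_value = d.value;
    if (set_on_socket != NOT_SET)
        sock_value = set_on_socket;     /* SSL_OptionSet */
    return sock_value;
}

/* What SSL_OptionGetDefault reports under the lazy model before any
 * socket exists: the environment has not been applied yet. */
int get_default_lazy(const char *env_value, int set_default) {
    option_default d = { SSL_DEFAULT_BYPASS_INIT, 0 };
    (void)env_value;                    /* not consulted until a socket is made */
    if (set_default != NOT_SET)
        d.value = set_default;
    return d.value;
}

int main(void) {
    /* Constructed scenario: SSLBYPASS=1 in the environment, application
     * explicitly calls SSL_OptionSetDefault(..., bypass off). */
    printf("lazy  (reported): socket bypass = %d\n", resolve_lazy("1", 0, NOT_SET));
    printf("eager (intended): socket bypass = %d\n", resolve_eager("1", 0, NOT_SET));
    printf("lazy GetDefault before first socket = %d, socket actually gets %d\n",
           get_default_lazy("1", NOT_SET), resolve_lazy("1", NOT_SET, NOT_SET));
    return 0;
}
```

The pair of `resolve_*` functions differs only in where `apply_env` is called; moving that call to initialization is the whole of the precedence fix, and the `get_default_lazy` case shows that the same move also makes SSL_OptionGetDefault consistent with the value a socket will actually receive.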